On Sun, Oct 19, 2008 at 01:24:40PM -0200, Andre Felipe Machado wrote:
> Hello,
> I am trying to answer some questions from Serpro [1], an interested
> government agency that receive attention [0] from Debian Partners
> Program.


How many separate lists do you think you need to post this to?

> - Expected release date for Lenny.


The release team has targeted the last quarter of 2008, but meeting that
goal is entirely contingent on being able to resolve the bugs that have been
identified as critical for this release.

> - How test/guarantee today high end hardware (SAN, blades
> , etc) work fully with Lenny? Are there regression tests?


Debian is a volunteer-run distribution. We provide no guarantees of
compatibility with any particular hardware. If you need such guarantees,
you should probably contract with one of the various companies who support
Debian, to provide you with this guarantee. But you might be better off
contracting directly with a member of the Debian kernel team to support the
hardware of interest to you, since they're the ones who ultimately have the
power to fix it if it doesn't work.

But it's rather late in the cycle for that anyway - you would have been
better off testing for the hardware of interest several months earlier in
the development cycle, not when we're in the middle of the full release
freeze.

> - How help Debian at this task of high end hw drivers?


Test, report bugs, and if necessary, give Debian kernel developers access to
the hardware in question.

By and large, Debian will support the hardware supported by the upstream
Linux kernel; but some upstream kernel versions work better with particular
hardware than others do, so this kind of feedback is essential to ensure
that the kernel we release with is usable for your use case.

> - How much time takes a security patch to be issued?


It varies. There are public studies comparing the response times of the
Debian security team with those of other distros (including the commercial
distros); I suggest you look at those, since no one in Debian is going to
promise you a fixed time frame.

> - Are there regression tests to allow distro consistency of a
> security fix backport to a VERY old version of a sw,
> already outside of security team action scope? (Lets say, a
> Pg 6.x on Lenny, unmaintained even at upstream. Please, do
> not discuss the merit of this approach, as it is _their_ IT mgmt
> problem to solve.) How release team verify distro consistency?


No. Why would Debian be providing regression tests for software we don't
ship?

> Could you point an url with the correct answers to these questions?


No.

--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek@ubuntu.com vorlon@debian.org


--
To UNSUBSCRIBE, email to debian-qa-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org